- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
SAN FRANCISCO -- In his keynote address at the RSA Conference here, Microsoft's chief research and strategy officer Craig Mundie sought to rally the high-tech industry and its customers to an idea Microsoft is calling "End to End Trust," a system for the Internet where identity claims can be validated according to sound security principles.
“We believe that End to End Trust will transform how the industry thinks about and approaches online trust and security,” Mundie said. Microsoft wants broad feedback not just from high-tech, but from government, businesses and people everywhere to make its vision a reality. As to what the idea of End to End Trust vision might entail, Microsoft published a 20-page white paper to explain it, stating “the path forward” includes having a “trusted stack” comprising trusted devices, trusted operating system, trusted applications, trusted people and trusted data plus an audit trail.
“We want to formalize a dialog with a lot more people,” Mundie said. “We need a collaboration with a lot of people making products in this area.”
Microsoft says challenges to achieving this End to End Trust goal will be political, legal and social, not just technical, since online identity touches on notions about privacy and business activity.
One of the few concrete examples that Mundie provided was the idea of a digital certificate that proved someone was at least 18 years ago.
Where exactly Microsoft will go with End to End Trust and the Trusted Stack isn’t readily apparent. Doug Leland, general manager of the identity and access division at Microsoft, said Mundie “laid out a vision for how we’re taking the Trustworthy Computing Initiative,” begun half a dozen years ago. In those years, Microsoft re-tooled its products as it sought better security. Microsoft sees End to End Trust as the next step toward an identity system for the Web. He did say the future ideal of the “trusted stack” would include Windows Server 2008.
However, many seem skeptical about Microsoft’s vision.
“Microsoft will conquer End to End Trust after they’ve conquered the online computing games,” scoffed independent security analyst and Network World blogger Richard Stiennon, attending the RSA Conference here.
The Liberty Alliance is the organization dedicated to building federated identity across government and private enterprises based on de facto standards such as the Security Assertion Markup Language (SAML), digital certificates, and agreed-upon business guidelines. After a presentation at the RSA Conference about the group’s most recent activities, some panelists expressed views about Mundie's keynote.
“It sounds somewhat like what we’re doing,” said Soren Peter Nielsen, information architect for the Danish National IT and Telecom Agency, which has created a Web portal in Denmark for online services which it hopes to see become part of a broader European Union federated-identity portal. Nielsen said it was “good Microsoft was opening up more,” but he added that Microsoft should get involved in the Liberty Alliance.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment